Syslog settings

The number of packets sent to each configured host is displayed next to its IP address.

Facility value

A configurable value for the purposes of identifying events from the IP VCR on the Syslog host.
Choose from the following options:

0 - kernel messages

1 - user-level messages

2 - mail system

3 - system daemons

4 - security/authorization messages (see Note 1)

5 - messages generated internally by syslogd

6 - line printer subsystem

7 - network news subsystem

8 - UUCP subsystem

9 - clock daemon (see Note 2)

10 - security/authorization messages (see Note 1)

11 - FTP daemon

12 - NTP subsystem

13 - log audit (see Note 1)

14 - log alert (see Note 1)

15 - clock daemon (see Note 2)

16 - local use 0 (local0)

17 - local use 1 (local1)

18 - local use 2 (local2)

19 - local use 3 (local3)

20 - local use 4 (local4)

21 - local use 5 (local5)

22 - local use 6 (local6)

23 - local use 7 (local7)

Choose a value that you will remember as being the IP VCR.

Note: Various operating system daemons and processes have been found to utilize Facilities 4, 10, 13 and 14 for security/authorization, audit, and alert messages which seem to be similar.

Various operating systems have been found to utilize both Facilities 9 and 15 for clock (cron/at) messages.

Processes and daemons that have not been explicitly assigned a Facility value may use any of the "local use" facilities (16 to 21)
or they may use the "user-level" facility (1) - and these are the values that we recommend you select.

Using syslog

The events that are forwarded to the syslog receiver hosts are controlled by the event log capture filter.

To define a syslog server, simply enter its IP address and then click Update syslog settings. The number of packets sent to each configured host is displayed next to its IP address.